We need a minimal, opt-in authentication option for the API. Authentication does not need to care about users, just that the client making the request should have access to the API. To this end the following should be added to the API:

• Via the environment allow enabling/disabling authentication
• Create a tokens table with a single UUID column that we can manually populate and generate tokens for API clients with
• When authentication is on, check that a token is in the table

Acceptance Criteria:

• Environment Variable turn Auth on/off
• Endpoints wrapped in optional auth that uses the Authorization header with a value of Bearer <Token>
• A migration for a token table
• Instructions in the README for manually generating tokens